ML
    • Register
    • Login
    • Search
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups

    Reset local domain 'administrator' password to restore system state to migrated vm

    IT Discussion
    6
    17
    919
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • DustinB3403
      DustinB3403 last edited by DustinB3403

      So I'm trying to reset the local administrator account password used on a DC, because I can't get into DSRM without the password used when this DC was created. (no one here knows what was used).

      MS's instructions say to boot into DSRM mode, open an elevated command prompt and reset the password.

      Obviously this doesn't work if you can't log in. (like me)

      Any help with how I can reset the local administrator password on a DC so I can get into DSRM so I can then restore the SS to this VM?

      Thanks in advance

      JaredBusch 1 Reply Last reply Reply Quote 0
      • JaredBusch
        JaredBusch @DustinB3403 last edited by

        @DustinB3403 said in Trying to use SS to restore a vDC:

        So I'm trying to reset the local administrator account password used on a DC, because I can't get into DSRM without the password used when this DC was created. (no one here knows what was used).

        MS's instructions say to boot into DSRM mode, open an elevated command prompt and reset the password.

        Obviously this doesn't work if you can't log in. (like me)

        Any help with how I can reset the local administrator password on a DC so I can get into DSRM so I can then restore the SS to this VM?

        Thanks in advance

        There is no such thing as a local domain administrator password.
        You either have a domain password or a local password.

        I was under the impression, that when you DCPROMO a box, the local accounts are nuked. But that is only a vague recollection.

        dafyre DustinB3403 2 Replies Last reply Reply Quote 1
        • momurda
          momurda last edited by

          What version of WinServer?

          DustinB3403 1 Reply Last reply Reply Quote 0
          • dafyre
            dafyre @JaredBusch last edited by

            @JaredBusch said in Reset local domain 'administrator' password to restore system state to migrated vm:

            @DustinB3403 said in Trying to use SS to restore a vDC:

            So I'm trying to reset the local administrator account password used on a DC, because I can't get into DSRM without the password used when this DC was created. (no one here knows what was used).

            MS's instructions say to boot into DSRM mode, open an elevated command prompt and reset the password.

            Obviously this doesn't work if you can't log in. (like me)

            Any help with how I can reset the local administrator password on a DC so I can get into DSRM so I can then restore the SS to this VM?

            Thanks in advance

            There is no such thing as a local domain administrator password.
            You either have a domain password or a local password.

            I was under the impression, that when you DCPROMO a box, the local accounts are nuked. But that is only a vague recollection.

            The local admin password becomes the password to get to the system when you boot it into DS Recovery mode.

            JaredBusch DustinB3403 Dashrender 3 Replies Last reply Reply Quote 4
            • DustinB3403
              DustinB3403 @momurda last edited by

              @momurda said in Trying to use SS to restore a vDC:

              What version of WinServer?

              Server 2008 R2

              1 Reply Last reply Reply Quote 0
              • DustinB3403
                DustinB3403 @JaredBusch last edited by

                @JaredBusch There are local accounts, but they're hidden off, its how you'd access the system in the case of a DSRM need.

                1 Reply Last reply Reply Quote 0
                • JaredBusch
                  JaredBusch @dafyre last edited by

                  @dafyre said in Reset local domain 'administrator' password to restore system state to migrated vm:

                  @JaredBusch said in Reset local domain 'administrator' password to restore system state to migrated vm:

                  @DustinB3403 said in Trying to use SS to restore a vDC:

                  So I'm trying to reset the local administrator account password used on a DC, because I can't get into DSRM without the password used when this DC was created. (no one here knows what was used).

                  MS's instructions say to boot into DSRM mode, open an elevated command prompt and reset the password.

                  Obviously this doesn't work if you can't log in. (like me)

                  Any help with how I can reset the local administrator password on a DC so I can get into DSRM so I can then restore the SS to this VM?

                  Thanks in advance

                  There is no such thing as a local domain administrator password.
                  You either have a domain password or a local password.

                  I was under the impression, that when you DCPROMO a box, the local accounts are nuked. But that is only a vague recollection.

                  The local admin password becomes the password to get to the system when you boot it into DS Recovery mode.

                  Then would a password recovery boot disk still work? If it is still a "local account" ?Never had a need for this on a DC.

                  DustinB3403 1 Reply Last reply Reply Quote 0
                  • DustinB3403
                    DustinB3403 @JaredBusch last edited by

                    @JaredBusch Unfortunately no, and the reason being is (and I'm hazy on it too) is that the DC local accounts aren't stored in the same place as a "local" account.

                    if that makes any sense.

                    Our MSP reset the password on a trial system to a generic password, and it worked, but I can't find what they did anywhere online.

                    1 Reply Last reply Reply Quote 0
                    • DustinB3403
                      DustinB3403 @dafyre last edited by

                      @dafyre said in Trying to use SS to restore a vDC:

                      @JaredBusch said in Reset local domain 'administrator' password to restore system state to migrated vm:

                      @DustinB3403 said in Trying to use SS to restore a vDC:

                      So I'm trying to reset the local administrator account password used on a DC, because I can't get into DSRM without the password used when this DC was created. (no one here knows what was used).

                      MS's instructions say to boot into DSRM mode, open an elevated command prompt and reset the password.

                      Obviously this doesn't work if you can't log in. (like me)

                      Any help with how I can reset the local administrator password on a DC so I can get into DSRM so I can then restore the SS to this VM?

                      Thanks in advance

                      There is no such thing as a local domain administrator password.
                      You either have a domain password or a local password.

                      I was under the impression, that when you DCPROMO a box, the local accounts are nuked. But that is only a vague recollection.

                      The local admin password becomes the password to get to the system when you boot it into DS Recovery mode.

                      It only becomes the password used to promote the server to be a DC.

                      It doesn't stay current with the domain.

                      1 Reply Last reply Reply Quote 0
                      • momurda
                        momurda last edited by

                        I assume you cant get this thing booted normally and that is why you need this?
                        Otherwise ntdsutil should be used while logged in as domain admin.
                        If so,
                        You might be able to use the nt offline pw reset tool (ive used it many times, just never on a dc).
                        www.chntpw.com/download
                        You can load this up and then see if it will alow you to change the local admin pw. It wont make any changes (just reads) til you tell it to.

                        DustinB3403 1 Reply Last reply Reply Quote 0
                        • DustinB3403
                          DustinB3403 @momurda last edited by

                          @momurda said in Reset local domain 'administrator' password to restore system state to migrated vm:

                          I assume you cant get this thing booted normally and that is why you need this?
                          Otherwise ntdsutil should be used while logged in as domain admin.
                          If so,
                          You might be able to use the nt offline pw reset tool (ive used it many times, just never on a dc).
                          www.chntpw.com/download
                          You can load this up and then see if it will alow you to change the local admin pw. It wont make any changes (just reads) til you tell it to.

                          The issue is we can't restore this DC, with it booting normally, it has to boot into DSRM to recover the System State of the running Hyper-V VM.

                          The local user account tools don't work for this particular account type.

                          1 Reply Last reply Reply Quote 0
                          • momurda
                            momurda last edited by

                            Are you sure? I think the account id is still 500 for administrator(this is the RID on the nt offline pw tool), and it should still use the C:\Windows\System32\config\SAM to store it.
                            You could try it without risk i think
                            Also found this
                            https://adsecurity.org/?p=1714 may not be helpful, but informative at least.

                            1 Reply Last reply Reply Quote 1
                            • Dashrender
                              Dashrender @dafyre last edited by

                              @dafyre said in Reset local domain 'administrator' password to restore system state to migrated vm:

                              @JaredBusch said in Reset local domain 'administrator' password to restore system state to migrated vm:

                              @DustinB3403 said in Trying to use SS to restore a vDC:

                              So I'm trying to reset the local administrator account password used on a DC, because I can't get into DSRM without the password used when this DC was created. (no one here knows what was used).

                              MS's instructions say to boot into DSRM mode, open an elevated command prompt and reset the password.

                              Obviously this doesn't work if you can't log in. (like me)

                              Any help with how I can reset the local administrator password on a DC so I can get into DSRM so I can then restore the SS to this VM?

                              Thanks in advance

                              There is no such thing as a local domain administrator password.
                              You either have a domain password or a local password.

                              I was under the impression, that when you DCPROMO a box, the local accounts are nuked. But that is only a vague recollection.

                              The local admin password becomes the password to get to the system when you boot it into DS Recovery mode.

                              I don't think this is entirely accurate. When you promote a DC (at least back in 2008 and older) it asked you for a Recovery Mode password. It didn't just use whatever the local Admin password was as the Recovery user.

                              coliver 1 Reply Last reply Reply Quote 3
                              • Dashrender
                                Dashrender last edited by

                                http://www.top-password.com/knowledge/reset-directory-services-restore-mode-password.html

                                Well these reset instructions seem to imply that the DSRM user is Administrator...

                                DustinB3403 2 Replies Last reply Reply Quote 1
                                • DustinB3403
                                  DustinB3403 @Dashrender last edited by

                                  @Dashrender said in Reset local domain 'administrator' password to restore system state to migrated vm:

                                  http://www.top-password.com/knowledge/reset-directory-services-restore-mode-password.html

                                  Well these reset instructions seem to imply that the DSRM user is Administrator...

                                  Thanks I'll try that tomorrow

                                  1 Reply Last reply Reply Quote 0
                                  • coliver
                                    coliver @Dashrender last edited by

                                    @Dashrender said in Reset local domain 'administrator' password to restore system state to migrated vm:

                                    @dafyre said in Reset local domain 'administrator' password to restore system state to migrated vm:

                                    @JaredBusch said in Reset local domain 'administrator' password to restore system state to migrated vm:

                                    @DustinB3403 said in Trying to use SS to restore a vDC:

                                    So I'm trying to reset the local administrator account password used on a DC, because I can't get into DSRM without the password used when this DC was created. (no one here knows what was used).

                                    MS's instructions say to boot into DSRM mode, open an elevated command prompt and reset the password.

                                    Obviously this doesn't work if you can't log in. (like me)

                                    Any help with how I can reset the local administrator password on a DC so I can get into DSRM so I can then restore the SS to this VM?

                                    Thanks in advance

                                    There is no such thing as a local domain administrator password.
                                    You either have a domain password or a local password.

                                    I was under the impression, that when you DCPROMO a box, the local accounts are nuked. But that is only a vague recollection.

                                    The local admin password becomes the password to get to the system when you boot it into DS Recovery mode.

                                    I don't think this is entirely accurate. When you promote a DC (at least back in 2008 and older) it asked you for a Recovery Mode password. It didn't just use whatever the local Admin password was as the Recovery user.

                                    The recovery mode password, I think, is to do database restores.

                                    1 Reply Last reply Reply Quote 0
                                    • DustinB3403
                                      DustinB3403 @Dashrender last edited by

                                      @Dashrender said in Reset local domain 'administrator' password to restore system state to migrated vm:

                                      http://www.top-password.com/knowledge/reset-directory-services-restore-mode-password.html

                                      Well these reset instructions seem to imply that the DSRM user is Administrator...

                                      This did it.

                                      Thank you @Dashrender !

                                      1 Reply Last reply Reply Quote 1
                                      • First post
                                        Last post